request / request

🏊🏾 Simplified HTTP request client.
Apache License 2.0
25.67k stars 3.14k forks

Inquiry about server-side request forgery vulnerability and its fix #3455

Open jackmcd101 opened 11 months ago

jackmcd101 commented 11 months ago

Hello,

I noticed that the request package has a moderate severity vulnerability related to server-side request forgery. I ran npm audit fix as suggested, but I wanted to confirm whether the package has been updated to a non-vulnerable version.

The vulnerability is documented here: GHSA-p8p7-x288-28g6.

Could you please provide information on the status of this vulnerability? Has it been addressed in a recent release of the request package? If not, do you have any plans to release a fix or take any other measures to mitigate this vulnerability?

Best,

Jack McDermott

s100 commented 10 months ago

request has been deprecated since February 2020. It is no longer under active development, even for security fixes. This CVE will not be fixed. The only fix is to stop using request entirely, and perhaps migrate to an alternative library.
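The reply above leaves the reader with one practical task: finding out whether `request` is still installed, directly or through some other dependency, so it can be removed. The script below is an added example, not code from the request project or from either participant in this thread. It walks an npm lockfile (the `packages` map of lockfile v2/v3, or the nested `dependencies` tree of v1), lists every install of a named package and which packages require it. The `SAMPLE_LOCKFILE` object is a constructed miniature lockfile; the package names in it other than `request` are placeholders chosen for illustration.

```javascript
// Added example: locate a deprecated package (here `request`) in an npm lockfile,
// including copies nested under other packages, and report who depends on it.
// Works with lockfileVersion 1 ("dependencies" tree) and 2/3 ("packages" map).

const DEPRECATED = 'request';

// Constructed sample lockfile (v3 shape). Keys are paths under node_modules;
// a nested path such as node_modules/some-tool/node_modules/request means a
// transitive install that `npm ls` may not show at the top level.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { 'some-tool': '^1.0.0', axios: '^1.6.0' } },
    'node_modules/axios': { version: '1.6.0' },
    'node_modules/some-tool': { version: '1.0.0', dependencies: { request: '^2.88.2' } },
    'node_modules/some-tool/node_modules/request': { version: '2.88.2' },
    'node_modules/request-promise': { version: '4.2.6', dependencies: { request: '^2.34' } },
    'node_modules/request': { version: '2.88.2' },
  },
};

// "node_modules/a/node_modules/@scope/b" -> ["a", "@scope/b"]
function segmentsOf(lockPath) {
  return lockPath
    .split('node_modules/')
    .filter(Boolean)
    .map((s) => s.replace(/\/$/, ''));
}

// Returns { installs: [{ path, version, nestedUnder }], requiredBy: [names] }.
// `installs` are physical copies on disk; `requiredBy` are the packages (or the
// root project) whose manifest pulls the deprecated package in.
function findPackage(lockfile, name) {
  const installs = [];
  const requiredBy = new Set();

  if (lockfile.packages) {
    // lockfile v2/v3: flat map keyed by install path
    for (const [p, entry] of Object.entries(lockfile.packages)) {
      const segs = segmentsOf(p);
      if (segs.length && segs[segs.length - 1] === name) {
        installs.push({ path: p, version: entry.version, nestedUnder: segs.slice(0, -1) });
      }
      const deps = { ...(entry.dependencies || {}), ...(entry.optionalDependencies || {}) };
      if (name in deps) requiredBy.add(p === '' ? '(root project)' : segs[segs.length - 1]);
    }
  } else if (lockfile.dependencies) {
    // lockfile v1: recursive "dependencies" tree, "requires" lists a package's own deps
    const walk = (deps, chain) => {
      for (const [depName, entry] of Object.entries(deps)) {
        if (depName === name) {
          installs.push({ path: [...chain, depName].join(' > '), version: entry.version, nestedUnder: chain });
        }
        if (entry.requires && name in entry.requires) requiredBy.add(depName);
        if (entry.dependencies) walk(entry.dependencies, [...chain, depName]);
      }
    };
    walk(lockfile.dependencies, []);
  }

  return { installs, requiredBy: [...requiredBy].sort() };
}

// Human-readable summary for a CI log or a migration ticket.
function formatReport(result, name) {
  if (result.installs.length === 0) return `${name}: not present in lockfile`;
  const lines = [`${name}: ${result.installs.length} install(s) found`];
  for (const i of result.installs) {
    const where = i.nestedUnder.length ? `nested under ${i.nestedUnder.join(' > ')}` : 'top level';
    lines.push(`  ${i.version} at ${i.path} (${where})`);
  }
  lines.push(`  required by: ${result.requiredBy.join(', ') || '(nothing declares it)'}`);
  return lines.join('\n');
}

// Stand-alone use: `node find-deprecated.js package-lock.json`; with no argument
// the constructed sample is scanned instead.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCKFILE;
  const result = findPackage(lock, DEPRECATED);
  console.log(formatReport(result, DEPRECATED));
  // Non-zero exit so a CI job fails while the deprecated package is still installed.
  process.exitCode = result.installs.length ? 1 : 0;
}
```

Running it against a real `package-lock.json` turns the reply's advice into a checkable gate: the `requiredBy` list tells you which direct dependencies need replacing or upgrading, and a nested install shows up even when the top-level tree looks clean.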